A Week in Security (Nov 29 – Dec 05)

Last week, we touched on malware crypters, image file execution options (IFEO), and movie spam subreddits on Reddit.

Malware intelligence analyst Christopher Boyd found and discussed a spam campaign banking on Intuit, the creator of the accounting software QuickBooks. The fake email posed as a security warning, informing recipients that they should update to the latest version of their software. The link in the mail, however, led to a fake browser update page.

Malwarebytes detects the malware on these sites as Trojan.Downloader.

Malware intelligence analyst Jovi Umawing then wrote about a Facebook phishing campaign that lured users with a supposed “free video app” and tricked them into handing over their credentials for the social network. The campaign mainly targeted Spanish speakers.

Lastly, senior security researcher Jérôme Segura saw history repeat itself as a fresh batch of adult sites was found serving malicious ads, in this case delivering the Flash EK via the AdXpansion advertising network. A day after the report was published, the ad company contacted Malwarebytes to confirm that the reported ads had already been disabled.

Notable news stories and security-related happenings:

  • CyberSecure: Using a Crisis as an Opportunity to Protect and Enhance the Company’s Reputation. “The realization that all companies will inevitably experience a data breach at some point exposes the need for a strong communication strategy to preserve a company’s reputation. More than 70 percent of global organizations are expected to experience a breach in the next three years.” (Source: LegalTech News)
  • Telegram Android App is a Stalker’s Dream. “Popular instant messaging service Telegram provides optional end-to-end encrypted messaging and, in general, is highly focused on protecting user privacy. Despite these efforts, some security experts have advised against using it if you want to keep your identity and your messages secret.” (Source: Help Net Security)
  • Some Raspberry Pi Devices Have Predictable SSH Host Keys. “Raspberry Pi devices running on Raspbian may need to be patched to avoid a security issue that results in the device generating weak and predictable SSH keys.” (Source: Softpedia)
  • Team America, World Police, Take Down 37,479 Counterfeit Sites. “A band of merry world police led by the United States Customs and Border Protection service shut down 37,479 copyright-infringing websites hawking counterfeit goods in the lead up to the Cyber Monday buying blitz. The takedown involved varying forms of collaboration between 27 countries including Britain, France, Denmark, and Spain.” (Source: The Register)
  • Bring Your Own Debate: Balancing Risk and Reward in BYOD Policies. “In the past decade, mobile computing has fundamentally changed the way that we work, live and interact with one another. And as a direct result of that paradigm shift, we no longer view the world through window panes, but rather through the small glass displays we keep in our pockets.” (Source: LegalTech News)
  • Hacked Toymaker Leaked Gigabytes Worth of Kids’ Headshots and Chat Logs. “VTech, the hacked maker of electronic toys and apps that leaked the data of 4.8 million customers, including hundreds of thousands of children, exposed gigabytes’ worth of pictures and chat histories on the same compromised servers, according to an article published on Motherboard, the website that first broke news of the breach.” (Source: Ars Technica)
  • Americans Say It is Riskier to Use Public Wi-Fi than a Public Restroom: Survey. “Although consumers consistently give themselves a solid A when it comes to grading their online security behaviors, most leave their information vulnerable.” (Source: LegalTech News)
  • Popular 3G/4G Data Dongles are Desperately Vulnerable, Say Hackers. “Cellular modems from four vendors have been popped by security researchers, who have documented cross-site scripting (XSS), cross-site request forgery (CSRF), remote code execution (RCE) and integrity attacks on the products.” (Source: The Register)
  • How Facebook Bakes Security into Corporate Culture. “Sophisticated systems and advanced engineering capabilities are critical for scaling security at Facebook, and we’re fortunate to have them. However, one of our most powerful defenses is something businesses of any size can develop: a strong security culture.” (Source: Dark Reading)
  • Gas Theft Gangs Fuel Pump Skimming Scams. “Few schemes for monetizing stolen credit cards are as bold as the fuel theft scam: Crooks embed skimming devices inside fuel station pumps to steal credit card data from customers. Thieves then clone the cards and use them to steal hundreds of gallons of gas at multiple filling stations.” (Source: Krebs on Security)
  • Phishing Blast Uses Dropbox to Target Hong Kong Journalists. “Researchers at FireEye have disclosed an ongoing phishing campaign that’s using Dropbox as a delivery platform. The campaign is run by a group that researchers have named “admin@338” and it’s targeting media organizations in Hong Kong that publish pro-democracy materials.” (Source: CSO Online)
  • Custom Secure Apps are Gaining Popularity in the Enterprise. “For the fourth quarter in a row, secure browser led all app categories, growing 57 percent quarter-over-quarter to account for 37 percent of all apps deployed by organizations. Custom apps, secure IM, document access and document editing followed as the next most popular app categories.” (Source: Help Net Security)
  • Scammers Threatening Users with Apple ID Suspension Phishing Scam. “A phishing email has been discovered alerting Apple users that their Apple ID would be suspended if they do not complete a verification within time. The email further states that the user supposedly didn’t respond to a previous warning email and now it is compulsory to click on the “verify now” button to complete the pending verification.” (Source: HackRead)
  • App Broke ‘Every Rule in the Book’, Leaving Billboards Open to the Threat of Real-life Ad-blocking. “OutdoorLink Inc. has patched several vulnerabilities in its SmartLink Systems app that could have allowed an attacker to assume control of outdoor electronic billboards and compromise users’ login credentials […] Its mobile app, SmartLink Systems, allows users to assume remote control and monitoring of their OutdoorLink-connected billboard via the use of their phone or tablet.” (Source: Graham Cluley’s Blog)
  • WebEx Android App Users Told to Update ASAP, Due to Risk of Attack. “…And that point is driven home once again, by an alert issued by Cisco telling users of its WebEx Meetings business conferencing app to urgently update their Android software, after a serious security flaw was discovered. More than five million Android users are thought to have installed the app.” (Source: Tripwire’s The State of Security Blog)

Safe surfing, everyone!

The Malwarebytes Labs Team